4N-H4Xor

**Name of the Vulnerable Software and Affected Versions** Textpattern version 4.8.8 **Description** An arbitrary file upload vulnerability in the plugin upload function allows attackers to execute arbitrary code via a crafted Zip file. **Recommendations** For Textpattern version 4.8.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flatpress version 1.2.1 **Description** A reflected cross-site scripting (XSS) issue was found in Flatpress. The issue is related to the `page` parameter at the "/flatpress/admin.php" API endpoint. This allows for potential XSS attacks. **Recommendations** For Flatpress version 1.2.1, consider restricting access to the "/flatpress/admin.php" API endpoint until a fix is available. As a temporary workaround, avoid using the `page` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Flatpress version 1.2.1 **Description** A remote code execution issue was found in the Upload File function, allowing for potential code execution. **Recommendations** For version 1.2.1, consider disabling the Upload File function until a patch is available to prevent exploitation.